Tips on Password Security
You always hear about choosing strong passwords. Every time you sign up online for any account, you are advised to choose a strong password and maybe even given colors showing you the strength of the password you have selected. What exactly is a strong password, though?
First, your password should be no shorter than eight characters. Why? This is because most places don't actually store your password - they make a hash (which is sort of like a fingerprint) and then encrypt the hash, or vice versa. The relative strength of the encrypted and hashed file is based on both the strength of the encryption/hashing algorithm in use and the length of your password.
Generally speaking, your password is 2n bits strong when n=number of characters in your password. A password of eight characters is similar to having a 256-bit password. By adding just one more character (now at nine characters), your password becomes similar to 512-bit. Each character you add doubles the password strength, but it takes more than an eight-character-long password to be considered strong.
You should also make sure not to use any combination of characters that can be found in the dictionary. For example, a password like "password," while eight characters long, will be easily cracked in a matter of minutes using what is known as a dictionary attack. This type of attack simply tries words found in a dictionary to login as you.
Next, refrain from using information about you in your password such as your birthday, anniversary, phone number, street address, or other information that is probably posted all over your Facebook page. Why? These types of passwords use readily available information and are easy to guess. Use a mix of characters in your password including numbers, capital letters, lowercase letters, and special characters such as "%."
You can even take that same dictionary word and change a few of the letters to numbers or special characters to make your password infinitely more complex but still easy to remember. Take the previous example, "password." Here's the same base word, but with some modifications: "P@ssW0rd." Note the capital letters, the special character in place of an "a," and the number zero in place of the "o." A hacking program will have a much more difficult time with this password than our previous, plain English word.
Finally, make sure you keep your password simple enough to remember. It is not secure if you have to write it down and hide it under your keyboard. And remember, there is never a circumstance in which you should provide your password to anyone. No legitimate administrator needs your password to accomplish any task.
Ben Howard - MCSE, Security+, CCNA Security, NSA 4011
Senior IT Associate - NSK Inc.